mash: Flaky startup crashes in ui::DrmThread::IsDeviceAtomic |
||||
Issue descriptionStarted happening late last week. This report is automatically generated to track the following Failure: Test: desktopui_MashLogin. Suite: chrome-informational. Chrome Version: 70.0.3527.0. Build: veyron_minnie-tot-chrome-pfq-informational/R70-10979.0.0-b2858056. Reason: Unhandled DevtoolsTargetCrashException: Devtools target crashed. build artifacts: https://storage.cloud.google.com/?arg=chromeos-image-archive/veyron_minnie-tot-chrome-pfq-informational/R70-10979.0.0-b2858056. results log: http://ubercautotest.corp.google.com/tko/retrieve_logs.cgi?job=/results/228791738-chromeos-test/chromeos4-row9-rack10-host6/debug/. status log: http://ubercautotest.corp.google.com/tko/retrieve_logs.cgi?job=/results/228791738-chromeos-test/chromeos4-row9-rack10-host6/status.log. job link: http://cautotest-prod/afe/#tab_id=view_job&object_id=228791738. You may want to check the test history: https://stainless.corp.google.com/search?test=^desktopui\_MashLogin$&first_date=2018-07-22&last_date=2018-08-19&row=model&col=build&view=matrix CPU: arm ARMv1 ARM part(0x4100c0d0) features: swp,half,thumb,fastmult,vfpv2,edsp,thumbee,neon,vfpv3,tls,vfpv4,idiva,idivt 4 CPUs GPU: UNKNOWN Crash reason: SIGSEGV Crash address: 0x0 Process uptime: not available Thread 0 (crashed) 0 chrome!ui::DrmThread::IsDeviceAtomic(int, bool*) [drm_device.h : 81 + 0x0] r0 = 0x00000000 r1 = 0x00000000 r2 = 0x00000001 r3 = 0x00000000 r4 = 0xa64165e3 r5 = 0xacaecec0 r6 = 0x0d12f804 r7 = 0xa5c16a60 r8 = 0x00000000 r9 = 0xa5c16af0 r10 = 0xa5c16c10 r12 = 0x0e22fab4 fp = 0xacaecec0 sp = 0xa5c16a50 lr = 0x0693fe75 pc = 0x0693fe78 Found by: given as instruction pointer in context 1 chrome!ui::(anonymous namespace)::OnRunPostedTaskAndSignal(base::OnceCallback<void ()>, base::WaitableEvent*) [callback.h : 99 + 0x3] r4 = 0xa64165a8 r5 = 0x0eaddfc0 r6 = 0x0d12f804 r7 = 0xa5c16a70 r8 = 0x00000000 r9 = 0xa5c16af0 r10 = 0xa5c16c10 fp = 0xacaecec0 sp = 0xa5c16a68 pc = 0x0695211b Found by: call frame info 2 chrome!base::internal::Invoker<base::internal::BindState<void (*)(base::OnceCallback<GURL ()>, std::__1::unique_ptr<GURL, std::__1::default_delete<GURL> >*), base::OnceCallback<GURL ()>, std::__1::unique_ptr<GURL, std::__1::default_delete<GURL> >*>, void ()>::RunOnce(base::internal::BindStateBase*) [bind_internal.h : 416 + 0x1] r4 = 0xacaecec0 r5 = 0x0e417120 r6 = 0x0d12f804 r7 = 0xa5c16a88 r8 = 0x00000000 r9 = 0xa5c16af0 r10 = 0xa5c16c10 fp = 0xacaecec0 sp = 0xa5c16a78 pc = 0x0646182d Found by: call frame info 3 chrome!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) [callback.h : 99 + 0x3] r4 = 0x0d16ed58 r5 = 0x0e417120 r6 = 0x0d12f804 r7 = 0xa5c16b30 r8 = 0x00000000 r9 = 0xa5c16af0 r10 = 0xa5c16c10 fp = 0xacaecec0 sp = 0xa5c16a90 pc = 0x0816a52b Found by: call frame info 4 chrome!base::MessageLoop::RunTask(base::PendingTask*) [message_loop.cc : 431 + 0x5] r4 = 0x0d16ea34 r5 = 0xa5c16bb0 r6 = 0xa5c16ba0 r7 = 0xa5c16be0 r8 = 0x0e1ac768 r9 = 0x0e1ac700 r10 = 0xa5c16c10 fp = 0xacaecec0 sp = 0xa5c16b38 pc = 0x080fca71 Found by: call frame info 5 chrome!base::MessageLoop::DoWork() [message_loop.cc : 442 + 0x5] r4 = 0x0ceb3eb4 r5 = 0xa5c16c38 r6 = 0xa5c16c48 r7 = 0xa5c16d70 r8 = 0x0e1ac78c r9 = 0x0e1ac700 r10 = 0xa5c16cc8 fp = 0xa5c16cb0 sp = 0xa5c16be8 pc = 0x080fd317 Found by: call frame info 6 chrome!base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) [message_pump_libevent.cc : 210 + 0x3] r4 = 0x0e2118a0 r5 = 0x0e1ac700 r6 = 0x00000000 r7 = 0xa5c16dc0 r8 = 0x0cd67478 r9 = 0x0e2118a8 r10 = 0x00000000 fp = 0x00000000 sp = 0xa5c16d78 pc = 0x081681d7 Found by: call frame info 7 chrome!base::RefCountedThreadSafe<base::TaskRunner, base::TaskRunnerTraits>::Release() const [run_loop.cc : 102 + 0x3] r4 = 0xa5c16df0 r5 = 0x0d16d03c r6 = 0x0e1e8968 r7 = 0xa5c16dd0 r8 = 0x0c730c21 r9 = 0xa5c16df0 r10 = 0x0e1ac700 fp = 0xa5c16df0 sp = 0xa5c16dc8 pc = 0x081146f1 Found by: call frame info 8 chrome!base::Thread::ThreadMain() [thread.cc : 357 + 0x21] r4 = 0x0e1e8960 r5 = 0x0d16d03c r6 = 0x0e1e8968 r7 = 0xa5c16e40 r8 = 0x0c730c21 r9 = 0xa5c16df0 r10 = 0x0e1ac700 fp = 0xa5c16df0 sp = 0xa5c16dd8 pc = 0x0813fb61 Found by: call frame info 9 chrome!base::(anonymous namespace)::ThreadFunc(void*) [platform_thread_posix.cc : 76 + 0x23] r4 = 0x0d16ddc8 r5 = 0xa5c17450 r6 = 0x0e1e53c0 r7 = 0xa5c16e58 r8 = 0x0e1e8960 r9 = 0xa6417684 r10 = 0xa6417450 fp = 0x00000000 sp = 0xa5c16e48 pc = 0x081654ed Found by: call frame info 10 libpthread-2.23.so!start_thread [pthread_create.c : 335 + 0xb] r4 = 0xa5c17450 r5 = 0xa6416710 r6 = 0x00000000 r7 = 0xa5c16e60 r8 = 0xa5c16f90 r9 = 0xa6417684 r10 = 0xa6417450 fp = 0x00000000 sp = 0xa5c16e60 pc = 0xaca93551 Found by: call frame info 11 libc-2.23.so!clone + 0x5e r4 = 0xa5c17450 r5 = 0xa6416710 r6 = 0x00000000 r7 = 0x00000078 r8 = 0xa5c16f90 r9 = 0xa6417684 r10 = 0xa6417450 fp = 0x00000000 sp = 0xa5c16f90 pc = 0xac5fc141 Found by: call frame info Test history: https://stainless.corp.google.com/search?exclude_retried=true&exclude_cts=false&exclude_non_production=true&exclude_acts=true&exclude_non_release=true&exclude_au=true&test=desktopui_MashLogin&exclude_not_run=false&row=board&col=build&view=matrix&days=14 This test just runs Chrome through the login screen with --enable-features=Mash, which runs ash out-of-process. I think derat@ just added a suite to the Chrome PFQ that includes a similar test, so it would be good if this didn't flake. spang, can you route this to the right person?
,
Aug 20
,
Aug 27
,
Aug 28
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4c19549247aacdc4b4b742feaab55373c21f3012 commit 4c19549247aacdc4b4b742feaab55373c21f3012 Author: Daniele Castagna <dcastagna@chromium.org> Date: Tue Aug 28 15:32:49 2018 ozone/drm: Fix nullptr deref in IsDeviceAtomic DrmThread::IsDeviceAtomic currently can cause a SIGSEGV since it assumes that |drm_device| is a valid pointer. |drm_device| device can be nullptr if the widget has been disabled. This patch fixes the issue checking that |drm_device| is a valid pointer before dereferencing it. Bug: 875882 , 876385 Change-Id: I01527e9d9d294e0f98146ccd5e6d5ef70e0dfdf0 Reviewed-on: https://chromium-review.googlesource.com/1193963 Reviewed-by: Michael Spang <spang@chromium.org> Commit-Queue: Daniele Castagna <dcastagna@chromium.org> Cr-Commit-Position: refs/heads/master@{#586717} [modify] https://crrev.com/4c19549247aacdc4b4b742feaab55373c21f3012/ui/ozone/platform/drm/gpu/drm_thread.cc
,
Aug 28
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/938bded2a0cb263761a6294c6198382e78e48950 commit 938bded2a0cb263761a6294c6198382e78e48950 Author: Daniele Castagna <dcastagna@chromium.org> Date: Tue Aug 28 23:42:07 2018 ozone/drm: Fix nullptr deref in IsDeviceAtomic DrmThread::IsDeviceAtomic currently can cause a SIGSEGV since it assumes that |drm_device| is a valid pointer. |drm_device| device can be nullptr if the widget has been disabled. This patch fixes the issue checking that |drm_device| is a valid pointer before dereferencing it. Bug: 875882 , 876385 Change-Id: I01527e9d9d294e0f98146ccd5e6d5ef70e0dfdf0 Reviewed-on: https://chromium-review.googlesource.com/1193963 Reviewed-by: Michael Spang <spang@chromium.org> Commit-Queue: Daniele Castagna <dcastagna@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#586717}(cherry picked from commit 4c19549247aacdc4b4b742feaab55373c21f3012) Reviewed-on: https://chromium-review.googlesource.com/1194975 Reviewed-by: Bernie Thompson <bhthompson@chromium.org> Cr-Commit-Position: refs/branch-heads/3532@{#11} Cr-Branched-From: cae5f8710a9652a6f1716812fbedfdd59fced679-refs/heads/master@{#585632} [modify] https://crrev.com/938bded2a0cb263761a6294c6198382e78e48950/ui/ozone/platform/drm/gpu/drm_thread.cc
,
Sep 7
|
||||
►
Sign in to add a comment |
||||
Comment 1 by derat@chromium.org
, Aug 20